The German computer magazine CT (English translation via Google Translate) analyzed the new WGA Notification that is installed during Windows Update. They decided to cancel the installation, and immediately afterwards the firewall reported that update.exe tried to connect to the internet. This caught their attention, and they decided to analyze the data that was sent once the connection was established.
They used Wireshark to analyze the traffic and found that update.exe sends data to genuine.microsoft.com. Some of the data seems to be encrypted, while some could be identified: it sends registry information, namely the SusClientID, as well as information about the version of the WGA tool, the Windows version and the language of the operating system. It also sets a cookie containing a GUID, which could possibly be used to identify the computer.
Microsoft confirmed to the magazine that data is sent but said it would only be used to optimize the service. The GUID in the cookie would only be used to count all attempts in the most thorough way possible; it would not be used to identify the host.
It is, however, questionable why Microsoft does not inform users that data is sent over their internet connection.
One way to prevent this would be to either configure your firewall to block access to genuine.microsoft.com or add the following entry to your hosts file: “127.0.0.1 genuine.microsoft.com”
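To confirm that the hosts entry is actually in effect in the file (active, not commented out, and pointing at a loopback or null address), the following added example, which is not from the original article, parses hosts-file text and checks the hostname. The sample file content is constructed; the check only covers what the file says, not whether the system resolver honours it.

```python
import ipaddress

# Constructed sample hosts file content (not taken from the article).
SAMPLE_HOSTS = """\
# Sample hosts file, constructed for this example
127.0.0.1       localhost
127.0.0.1   Genuine.Microsoft.com   # entry suggested in the article
#127.0.0.1  commented.example
10.0.0.5    intranet.example  wiki.example
"""


def parse_hosts(text):
    """Map each lower-cased hostname to the first address listed for it.

    Assumption: when a name appears more than once, the first entry is
    the one that counts, so later duplicates are ignored here.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()                # tabs or spaces separate fields
        if len(fields) < 2:
            continue                         # blank line or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                         # malformed address: entry is inert
        for name in fields[1:]:              # one line may carry several names
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping


def is_sinkholed(text, hostname):
    """True if the hosts text maps hostname to a loopback or 0.0.0.0/:: address."""
    addr = parse_hosts(text).get(hostname.lower().rstrip("."))
    return addr is not None and (addr.is_loopback or addr.is_unspecified)


if __name__ == "__main__":
    print(is_sinkholed(SAMPLE_HOSTS, "genuine.microsoft.com"))
```

On Windows the file to read is normally %SystemRoot%\System32\drivers\etc\hosts; pass its contents as `text`.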
11 Responses to “Cancelling WGA Installation sends a report to Microsoft”


The best way to avoid the problem is to not allow it to download the update in the first place. Then it is just another update and not WGA.
Brian, I agree that it is best to avoid WGA completely, but this is not always possible. Inexperienced users do install it and I think they should know what is happening and how they can prevent certain “things” from happening.
Especially when it comes to privacy.
“Microsoft confirmed to the magazine that data is sent but it would only be used to optimize the service.”
What would they be able to optimize by a user canceling the install? It was MS just giving the magazine a quick answer, hoping they wouldn’t probe deeper into the reason for the transport of data.
I stopped using all Microsoft products including Windows after learning of their unethical behavior, spying on customers and treating them like the enemy. I am a computer consultant, so not only have they lost my business but all clients I deal with now and in the future!
If you’re on Windows, don’t rely on being able to block access to any hosts in the microsoft.com domain using your hosts file. It’s been documented that Microsoft bypasses the hosts file for certain hosts. (Google for “hosts file”, “Microsoft”, and “bypass”.)
The only way for this to stop, or to try and stop Microsoft from doing this, is to take Microsoft to court. In a way Microsoft is slandering legal users, and slandering is a crime.
cancel the genuine microsoft software installation in my pc
Please cancel, not satisfied. Thank you, David
please cancel my genuine software urgently
please cancel my genuine microsoft software, because my monitor is blocked